admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-26T17:00:35.248459+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-26 17:00:39 +00:00
parent 0f55908d22
commit 14c750e6a9
67 changed files with 3149 additions and 275 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
CVE-1999/CVE-1999-07xx/CVE-1999-0783.json
View File

@ -2,7 +2,7 @@
"id": "CVE-1999-0783",
"sourceIdentifier": "cve@mitre.org",
"published": "1998-06-16T04:00:00.000",
"lastModified": "2011-03-08T02:01:10.657",
"lastModified": "2024-01-26T16:54:15.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -44,7 +66,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-59"
}
]
}
@ -69,7 +91,17 @@
"references": [
{
"url": "http://www.ciac.org/ciac/bulletins/i-057.shtml",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.osvdb.org/6090",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}

50
CVE-1999/CVE-1999-13xx/CVE-1999-1386.json
View File

@ -2,8 +2,8 @@
"id": "CVE-1999-1386",
"sourceIdentifier": "cve@mitre.org",
"published": "1999-12-31T05:00:00.000",
"lastModified": "2016-10-18T02:03:55.923",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T16:54:30.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -44,7 +66,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-59"
}
]
}
@ -58,9 +80,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:larry_wall:perl:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.4.4",
"matchCriteriaId": "CCACA450-26BD-4221-BFB1-27B57C5E5C3A"
"criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.004_04",
"matchCriteriaId": "356EEFF0-DC56-4E12-B7B1-DB28784FF3B1"
}
]
}
@ -70,15 +92,25 @@
"references": [
{
"url": "http://marc.info/?l=bugtraq&m=88932165406213&w=2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List"
]
},
{
"url": "http://www.iss.net/security_center/static/7243.php",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.redhat.com/support/errata/rh50-errata-general.html#perl",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}

40
CVE-2000/CVE-2000-09xx/CVE-2000-0972.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2000-0972",
"sourceIdentifier": "cve@mitre.org",
"published": "2000-12-19T05:00:00.000",
"lastModified": "2017-10-10T01:29:25.170",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T16:56:22.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -44,7 +66,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-59"
}
]
}
@ -56,11 +78,6 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*",
"matchCriteriaId": "EDE44C49-172C-4899-8CC8-29AA99A7CD2F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
@ -76,13 +93,18 @@
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0317.html",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5410",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

63
CVE-2000/CVE-2000-11xx/CVE-2000-1178.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2000-1178",
"sourceIdentifier": "cve@mitre.org",
"published": "2001-01-09T05:00:00.000",
"lastModified": "2018-05-03T01:29:10.457",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T16:59:03.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -44,7 +66,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-59"
}
]
}
@ -71,41 +93,64 @@
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0227.html",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000356",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://marc.info/?l=bugtraq&m=97500174210821&w=2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.debian.org/security/2000/20001201",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-072.php3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2000-110.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.securityfocus.com/bid/1959",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Patch",
"Third Party Advisory",
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5546",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

6
CVE-2020/CVE-2020-288xx/CVE-2020-28871.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-28871",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-02-10T01:15:14.627",
"lastModified": "2023-03-23T17:15:13.497",
"lastModified": "2024-01-26T16:46:58.970",
"vulnStatus": "Modified",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:monitorr_project:monitorr:1.7.6m:*:*:*:*:*:*:*",
"matchCriteriaId": "F2114A6A-8E4E-4983-B7A7-91D89BBB62E6"
"criteria": "cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2ED07C-59E4-46E4-A33E-BB43B3B370F8"
}
]
}

6
CVE-2020/CVE-2020-288xx/CVE-2020-28872.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-28872",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-04-12T14:15:14.133",
"lastModified": "2022-10-07T02:56:41.750",
"lastModified": "2024-01-26T16:46:58.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:monitorr_project:monitorr:1.7.6m:*:*:*:*:*:*:*",
"matchCriteriaId": "F2114A6A-8E4E-4983-B7A7-91D89BBB62E6"
"criteria": "cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2ED07C-59E4-46E4-A33E-BB43B3B370F8"
}
]
}

10
CVE-2020/CVE-2020-367xx/CVE-2020-36771.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2020-36771",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-22T14:15:07.530",
"lastModified": "2024-01-22T14:33:50.237",
"lastModified": "2024-01-26T16:15:21.483",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "CloudLinux\n CageFS 7.1.1-1 or below passes the authentication token as command line\n argument. In some configurations this allows local users to view it via\n the process list and gain code execution as another user.\n\n\n"
},
{
"lang": "es",
"value": "CloudLinux CageFS 7.1.1-1 o inferior pasa el token de autenticaci\u00f3n como argumento de l\u00ednea de comando. En algunas configuraciones, esto permite a los usuarios locales verlo a trav\u00e9s de la lista de procesos y obtener la ejecuci\u00f3n del c\u00f3digo como otro usuario."
}
],
"metrics": {},
@ -24,6 +28,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/24",
"source": "secalert@redhat.com"
},
{
"url": "https://blog.cloudlinux.com/cagefs-lve-wrappers-and-bsock-have-been-rolled-out-to-100",
"source": "secalert@redhat.com"

10
CVE-2020/CVE-2020-367xx/CVE-2020-36772.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2020-36772",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-22T15:15:07.883",
"lastModified": "2024-01-22T19:10:26.333",
"lastModified": "2024-01-26T16:15:21.613",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "CloudLinux\n CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to\n the sendmail proxy command. This allows local users to read and write \narbitrary files outside the CageFS environment in a limited way.\n"
},
{
"lang": "es",
"value": "CloudLinux CageFS 7.0.8-2 o inferior restringe insuficientemente las rutas de archivo proporcionadas al comando proxy sendmail. Esto permite a los usuarios locales leer y escribir archivos arbitrarios fuera del entorno CageFS de forma limitada."
}
],
"metrics": {},
@ -24,6 +28,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/25",
"source": "secalert@redhat.com"
},
{
"url": "https://blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cllib-have-been-rolled-out-to-100",
"source": "secalert@redhat.com"

68
CVE-2021/CVE-2021-313xx/CVE-2021-31314.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2021-31314",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-20T01:15:07.770",
"lastModified": "2024-01-20T02:58:09.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T16:43:27.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server."
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga de archivos en el sistema de seguridad del terminal ejinshan v8+ permite a los atacantes cargar archivos arbitrarios en ubicaciones arbitrarias del servidor."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ejinshan:terminal_security_system:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAEC5644-D1C1-415A-A07F-3A71D7C850E5"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/huahaiYa/jinshansoft/blob/main/Kingsoft%20Security%20Arbitrary%20File%20Upload%20%2B%20File%20Contains%20Vulnerabilities.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

33
CVE-2022/CVE-2022-212xx/CVE-2022-21248.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-21248",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2022-01-19T12:15:10.287",
"lastModified": "2023-09-08T00:15:07.480",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T16:09:33.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -159,8 +159,13 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C"
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08"
},
{
"vulnerable": true,
@ -194,6 +199,11 @@
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
"matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
@ -901,15 +911,24 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4J2N4FNXW6JKJBWUZH6SNI2UHCZXQXCY/",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPIWQ6DL5IPOT54UBWTISG5T24FQJ7MN/",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202209-05",

38
CVE-2022/CVE-2022-212xx/CVE-2022-21291.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-21291",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2022-01-19T12:15:12.350",
"lastModified": "2023-09-08T00:15:08.240",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T16:46:36.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -179,8 +179,13 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C"
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08"
},
{
"vulnerable": true,
@ -214,6 +219,11 @@
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
"matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
@ -278,12 +288,30 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202209-05",

33
CVE-2022/CVE-2022-212xx/CVE-2022-21293.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-21293",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2022-01-19T12:15:12.447",
"lastModified": "2023-09-08T00:15:08.367",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T16:43:54.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -189,8 +189,23 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C"
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08"
},
{
"vulnerable": true,
@ -224,6 +239,11 @@
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
"matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
@ -886,7 +906,10 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202209-05",

33
CVE-2022/CVE-2022-212xx/CVE-2022-21296.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-21296",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2022-01-19T12:15:12.587",
"lastModified": "2023-09-08T00:15:08.663",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T16:44:38.483",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -144,8 +144,28 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C"
"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08"
},
{
"vulnerable": true,
@ -179,6 +199,11 @@
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
"matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",

28
CVE-2022/CVE-2022-212xx/CVE-2022-21299.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-21299",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2022-01-19T12:15:12.727",
"lastModified": "2023-09-08T00:15:08.790",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T16:44:46.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -149,8 +149,23 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C"
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08"
},
{
"vulnerable": true,
@ -184,6 +199,11 @@
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
"matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",

28
CVE-2022/CVE-2022-213xx/CVE-2022-21305.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-21305",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2022-01-19T12:15:13.013",
"lastModified": "2023-09-08T00:15:08.910",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T16:15:21.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -149,8 +149,23 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C"
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08"
},
{
"vulnerable": true,
@ -184,6 +199,11 @@
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
"matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",

28
CVE-2022/CVE-2022-213xx/CVE-2022-21340.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-21340",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2022-01-19T12:15:14.650",
"lastModified": "2023-09-08T00:15:09.037",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T16:15:32.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -149,8 +149,23 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C"
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08"
},
{
"vulnerable": true,
@ -184,6 +199,11 @@
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
"matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",

28
CVE-2022/CVE-2022-213xx/CVE-2022-21341.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-21341",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2022-01-19T12:15:14.697",
"lastModified": "2023-09-08T00:15:09.163",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T16:15:38.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -149,8 +149,23 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C"
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08"
},
{
"vulnerable": true,
@ -184,6 +199,11 @@
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
"matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",

28
CVE-2022/CVE-2022-213xx/CVE-2022-21360.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-21360",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2022-01-19T12:15:15.540",
"lastModified": "2023-09-08T00:15:09.307",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T16:11:45.903",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -149,8 +149,23 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C"
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08"
},
{
"vulnerable": true,
@ -184,6 +199,11 @@
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
"matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",

28
CVE-2022/CVE-2022-213xx/CVE-2022-21365.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-21365",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2022-01-19T12:15:15.770",
"lastModified": "2023-09-08T00:15:09.500",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T16:12:01.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -174,8 +174,23 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C"
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08"
},
{
"vulnerable": true,
@ -209,6 +224,11 @@
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
"matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",

22
CVE-2022/CVE-2022-35xx/CVE-2022-3580.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-3580",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-10-18T11:15:09.750",
"lastModified": "2023-11-07T03:51:27.770",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T16:51:06.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 2.7
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -60,8 +60,18 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -79,8 +89,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cashier_queuing_system_project:cashier_queuing_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B21EB003-D923-4995-B525-ED718FCE2D9A"
"criteria": "cpe:2.3:a:oretnom23:cashier_queuing_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "725E5246-68E0-436C-9BCC-B30E7386BD3A"
}
]
}

8
CVE-2022/CVE-2022-36xx/CVE-2022-3625.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-3625",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-10-21T06:15:09.577",
"lastModified": "2023-11-07T03:51:32.147",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T16:50:58.820",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -60,7 +60,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{

8
CVE-2022/CVE-2022-36xx/CVE-2022-3649.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-3649",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-10-21T20:15:09.837",
"lastModified": "2023-11-07T03:51:34.577",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T16:50:53.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -60,7 +60,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{

60
CVE-2023/CVE-2023-220xx/CVE-2023-22006.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22006",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:12.067",
"lastModified": "2023-09-19T11:16:08.343",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T16:48:39.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -118,6 +118,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
@ -131,12 +136,56 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0006/",
@ -154,7 +203,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5478",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",

60
CVE-2023/CVE-2023-220xx/CVE-2023-22036.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22036",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:13.587",
"lastModified": "2023-09-19T11:16:09.930",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T16:48:31.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -118,6 +118,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
@ -131,12 +136,56 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0006/",
@ -154,7 +203,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5478",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",

60
CVE-2023/CVE-2023-220xx/CVE-2023-22041.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22041",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:13.963",
"lastModified": "2023-09-19T11:16:11.037",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T16:48:25.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -148,6 +148,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
@ -161,12 +166,56 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0006/",
@ -184,7 +233,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5478",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",

60
CVE-2023/CVE-2023-220xx/CVE-2023-22045.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22045",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-07-18T21:15:14.267",
"lastModified": "2023-09-19T11:16:11.777",
"vulnStatus": "Modified",
"lastModified": "2024-01-26T16:04:45.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -138,6 +138,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
@ -151,12 +156,56 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0006/",
@ -174,7 +223,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5478",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2023.html",

6
CVE-2023/CVE-2023-267xx/CVE-2023-26775.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26775",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-04T15:15:09.020",
"lastModified": "2023-04-10T23:15:07.177",
"lastModified": "2024-01-26T16:46:58.970",
"vulnStatus": "Modified",
"descriptions": [
{
@ -55,8 +55,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:monitorr_project:monitorr:1.7.6m:*:*:*:*:*:*:*",
"matchCriteriaId": "F2114A6A-8E4E-4983-B7A7-91D89BBB62E6"
"criteria": "cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2ED07C-59E4-46E4-A33E-BB43B3B370F8"
}
]
}

6
CVE-2023/CVE-2023-267xx/CVE-2023-26776.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26776",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-04T15:15:09.063",
"lastModified": "2023-04-10T19:10:25.500",
"lastModified": "2024-01-26T16:46:58.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -55,8 +55,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:monitorr_project:monitorr:1.7.6m:*:*:*:*:*:*:*",
"matchCriteriaId": "F2114A6A-8E4E-4983-B7A7-91D89BBB62E6"
"criteria": "cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2ED07C-59E4-46E4-A33E-BB43B3B370F8"
}
]
}

60
CVE-2023/CVE-2023-289xx/CVE-2023-28901.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-28901",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-01-18T17:15:14.003",
"lastModified": "2024-01-18T19:25:46.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T15:01:23.443",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Skoda Automotive cloud contains a Broken Access Control vulnerability, allowing remote attackers to obtain recent trip data, vehicle mileage, fuel consumption, average and maximum speed, and other information of Skoda Connect service users by specifying an arbitrary vehicle VIN number."
},
{
"lang": "es",
"value": "La nube de Skoda Automotive contiene una vulnerabilidad de control de acceso roto, que permite a atacantes remotos obtener datos de viajes recientes, kilometraje del veh\u00edculo, consumo de combustible, velocidad media y m\u00e1xima y otra informaci\u00f3n de los usuarios del servicio Skoda Connect especificando un n\u00famero VIN arbitrario del veh\u00edculo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:skoda-auto:skoda_connect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52F83D74-D8F0-4D6C-B382-6E1ECE9373AF"
}
]
}
]
}
],
"references": [
{
"url": "https://asrg.io/security-advisories/cve-2023-28901/",
"source": "cve@asrg.io"
"source": "cve@asrg.io",
"tags": [
"Third Party Advisory"
]
}
]
}

90
CVE-2023/CVE-2023-400xx/CVE-2023-40051.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-40051",
"sourceIdentifier": "security@progress.com",
"published": "2024-01-18T15:15:09.060",
"lastModified": "2024-01-18T15:50:54.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T15:25:18.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0.\u00a0An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible.\n\n\n\n"
},
{
"lang": "es",
"value": "Este problema afecta a Progress Application Server (PAS) para OpenEdge en las versiones 11.7 anteriores a 11.7.18, 12.2 anteriores a 12.2.13 y versiones de innovaci\u00f3n anteriores a 12.8.0. Un atacante puede formular una solicitud para un transporte WEB que permita cargas de archivos no deseadas a una ruta de directorio del servidor en el sistema que ejecuta PASOE. Si la carga contiene un payload que puede explotar a\u00fan m\u00e1s el servidor o su red, es posible que se lance un ataque a mayor escala."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -46,14 +80,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.7",
"versionEndExcluding": "11.7.18",
"matchCriteriaId": "7298E8E1-4C6A-4AE7-954E-480F86D8B8E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.2",
"versionEndExcluding": "12.2.13",
"matchCriteriaId": "2057ECB7-5DD8-485F-9D43-560A152C883C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:openedge_innovation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.8.0",
"matchCriteriaId": "59216BF0-5044-4252-AB97-B63FFAA84F24"
}
]
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/Important-Progress-OpenEdge-Critical-Alert-for-Progress-Application-Server-in-OpenEdge-PASOE-Arbitrary-File-Upload-Vulnerability-in-WEB-Transport",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.progress.com/openedge",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Product"
]
}
]
}

90
CVE-2023/CVE-2023-400xx/CVE-2023-40052.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-40052",
"sourceIdentifier": "security@progress.com",
"published": "2024-01-18T15:15:09.247",
"lastModified": "2024-01-18T15:50:54.810",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T15:26:09.533",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nThis issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0\n\n.\u00a0\n\nAn attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities of many web application clients. Multiple of these DoS attacks could lead to the flooding of invalid requests as compared to the server\u2019s remaining ability to process valid requests.\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Este problema afecta a Progress Application Server (PAS) para OpenEdge en las versiones 11.7 anteriores a 11.7.18, 12.2 anteriores a 12.2.13 y versiones de innovaci\u00f3n anteriores a 12.8.0. Un atacante que pueda generar una solicitud web con formato incorrecto puede provocar el bloqueo de un agente PASOE, lo que podr\u00eda interrumpir las actividades de subprocesos de muchos clientes de aplicaciones web. Varios de estos ataques DoS podr\u00edan provocar una inundaci\u00f3n de solicitudes no v\u00e1lidas en comparaci\u00f3n con la capacidad restante del servidor para procesar solicitudes v\u00e1lidas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
},
{
"source": "security@progress.com",
"type": "Secondary",
@ -46,14 +80,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.7",
"versionEndExcluding": "11.7.18",
"matchCriteriaId": "7298E8E1-4C6A-4AE7-954E-480F86D8B8E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.2",
"versionEndExcluding": "12.2.13",
"matchCriteriaId": "2057ECB7-5DD8-485F-9D43-560A152C883C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:openedge_innovation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.8.0",
"matchCriteriaId": "59216BF0-5044-4252-AB97-B63FFAA84F24"
}
]
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/Important-Progress-OpenEdge-Product-Alert-for-Progress-Application-Server-for-OpenEdge-PASOE-Denial-of-Service-Vulnerability-in-WEB-Transport",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.progress.com/openedge",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Product"
]
}
]
}

217
CVE-2023/CVE-2023-50xx/CVE-2023-5080.json
View File

@ -2,19 +2,43 @@
"id": "CVE-2023-5080",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-01-19T20:15:12.017",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T16:02:33.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands. "
},
{
"lang": "es",
"value": "Se inform\u00f3 una vulnerabilidad de escalada de privilegios en algunas tabletas Lenovo que podr\u00eda permitir que las aplicaciones locales accedan a identificadores de dispositivos y comandos del sistema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,183 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:tab_m8_hd_tb8505f_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8505f_usr_s301106_2309140042_v9.56_bmp_row",
"matchCriteriaId": "B1600932-86AD-4062-9BBE-7E05823E0841"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:tab_m8_hd_tb8505f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C36249B8-17F5-4C84-80DA-D53B15ECB132"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:tab_m8_hd_tb8505fs_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8505fs_usr_s301107_2309140028_v9.56_bmp_row",
"matchCriteriaId": "25FEBB11-E2A9-4BF2-A4EA-864EA28D4428"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:tab_m8_hd_tb8505fs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F11D4E8A-9D72-424F-A9EF-8DFD7CC6B373"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:tab_m8_hd_tb8505x_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8505x_usr_s301129_2309141226_v9.56_bmp_row",
"matchCriteriaId": "BE24D7D6-76BC-4FDA-9A20-D2367C6C7BB8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:tab_m8_hd_tb8505x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1181F5AF-6A77-4B24-A8AD-41940D344829"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:tab_m8_hd_tb8505xs_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8505xs_usr_s301077_2309140036_v9.56_bmp_row",
"matchCriteriaId": "2687A841-CF4C-4DD9-A9F5-F18AD3A8144D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:tab_m8_hd_tb8505xs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D690DD9B-767A-4487-8F81-E527E4838989"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:tab_m10_plus_gen_3_tb125fu_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb125fu_usr_s100116_2311171525_mp1rc_row",
"matchCriteriaId": "8DFC63D1-5E58-429A-B07C-D27E4E644F90"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:tab_m10_plus_gen_3_tb125fu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "450B5FBD-8E52-4C87-A563-FA1B45FB86CE"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:tab_p11_pro_gen_2_tb132fu_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb132fu_s240219_231123_row",
"matchCriteriaId": "33D5ED5F-B0CA-4A3C-94EB-626DC3180DB3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:tab_p11_pro_gen_2_tb132fu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EDAC7D3-75F1-4D59-8B94-5C2159AF1CDE"
}
]
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-142135",
"source": "psirt@lenovo.com"
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
]
}
]
}

139
CVE-2023/CVE-2023-50xx/CVE-2023-5081.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5081",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-01-19T20:15:12.230",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T16:02:59.793",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. "
},
{
"lang": "es",
"value": "Se inform\u00f3 una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Lenovo Tab M8 HD que podr\u00eda permitir que una aplicaci\u00f3n local recopile un identificador de dispositivo no reiniciable."
}
],
"metrics": {
@ -36,8 +40,18 @@
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +60,127 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:tab_m8_hd_tb8505f_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8505f_usr_s301106_2309140042_v9.56_bmp_row",
"matchCriteriaId": "B1600932-86AD-4062-9BBE-7E05823E0841"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:tab_m8_hd_tb8505f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C36249B8-17F5-4C84-80DA-D53B15ECB132"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:tab_m8_hd_tb8505fs_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8505fs_usr_s301107_2309140028_v9.56_bmp_row",
"matchCriteriaId": "25FEBB11-E2A9-4BF2-A4EA-864EA28D4428"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:tab_m8_hd_tb8505fs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F11D4E8A-9D72-424F-A9EF-8DFD7CC6B373"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:tab_m8_hd_tb8505x_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8505x_usr_s301129_2309141226_v9.56_bmp_row",
"matchCriteriaId": "BE24D7D6-76BC-4FDA-9A20-D2367C6C7BB8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:tab_m8_hd_tb8505x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1181F5AF-6A77-4B24-A8AD-41940D344829"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lenovo:tab_m8_hd_tb8505xs_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8505xs_usr_s301077_2309140036_v9.56_bmp_row",
"matchCriteriaId": "2687A841-CF4C-4DD9-A9F5-F18AD3A8144D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:tab_m8_hd_tb8505xs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D690DD9B-767A-4487-8F81-E527E4838989"
}
]
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-142135",
"source": "psirt@lenovo.com"
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
]
}
]
}

77
CVE-2023/CVE-2023-519xx/CVE-2023-51925.json
View File

@ -2,27 +2,92 @@
"id": "CVE-2023-51925",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-20T02:15:07.773",
"lastModified": "2024-01-20T02:58:09.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T16:46:39.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga de archivos arbitrarios en el m\u00e9todo nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() de YonBIP v3_23.05 permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yonyou:yonbip:3_23.05:*:*:*:*:*:*:*",
"matchCriteriaId": "B2233A40-5ECC-45B7-B651-5B57118891C3"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://yonbip.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51925.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.yonyou.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

31
CVE-2023/CVE-2023-60xx/CVE-2023-6043.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6043",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-01-19T20:15:12.433",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T16:03:21.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges."
},
{
"lang": "es",
"value": "Se inform\u00f3 de una vulnerabilidad de escalada de privilegios en Lenovo Vantage que podr\u00eda permitir a un atacante local eludir las comprobaciones de integridad y ejecutar c\u00f3digo arbitrario con privilegios elevados."
}
],
"metrics": {
@ -46,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lenovo:vantage:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.0.49.0",
"matchCriteriaId": "C16608AA-34BC-4F60-93CD-B33F5CC39EF7"
}
]
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-144736",
"source": "psirt@lenovo.com"
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
]
}
]
}

53
CVE-2023/CVE-2023-60xx/CVE-2023-6044.json
View File

@ -2,19 +2,43 @@
"id": "CVE-2023-6044",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-01-19T20:15:12.647",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T15:56:47.883",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges."
},
{
"lang": "es",
"value": "Se inform\u00f3 una vulnerabilidad de escalada de privilegios en Lenovo Vantage que podr\u00eda permitir que un atacante local con acceso f\u00edsico se haga pasar por Lenovo Vantage Service y ejecute c\u00f3digo arbitrario con privilegios elevados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lenovo:vantage:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.0.49.0",
"matchCriteriaId": "C16608AA-34BC-4F60-93CD-B33F5CC39EF7"
}
]
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-144736",
"source": "psirt@lenovo.com"
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
]
}
]
}

87
CVE-2023/CVE-2023-62xx/CVE-2023-6291.json Normal file
View File

@ -0,0 +1,87 @@
{
"id": "CVE-2023-6291",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-26T15:15:08.280",
"lastModified": "2024-01-26T16:33:07.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:7854",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7855",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7856",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7857",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7858",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7860",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7861",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6291",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407",
"source": "secalert@redhat.com"
}
]
}

43
CVE-2023/CVE-2023-64xx/CVE-2023-6450.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6450",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-01-19T20:15:12.853",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T15:59:00.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service."
},
{
"lang": "es",
"value": "Se inform\u00f3 una vulnerabilidad de permisos incorrectos en la aplicaci\u00f3n Lenovo App Store que podr\u00eda permitir a un atacante utilizar recursos del sistema, lo que provocar\u00eda una denegaci\u00f3n de servicio."
}
],
"metrics": {
@ -36,8 +40,18 @@
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +60,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lenovo:app_store:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.4.20",
"matchCriteriaId": "EBE4493E-19DF-4653-AFEB-70746B7208FA"
}
]
}
]
}
],
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/419672",
"source": "psirt@lenovo.com"
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-07xx/CVE-2024-0713.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0713",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-19T14:15:13.277",
"lastModified": "2024-01-19T15:56:19.500",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T15:58:48.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251539. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Monitorr 1.7.6m. Ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del archivo /assets/php/upload.php del componente Services Configuration es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento fileToUpload conduce a una carga sin restricciones. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-251539. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2ED07C-59E4-46E4-A33E-BB43B3B370F8"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1C6_4A-96BtR9VTNSadUY09ErroqLEVJ4/view?usp=sharing",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.251539",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.251539",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-07xx/CVE-2024-0733.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0733",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-19T21:15:08.703",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T16:03:13.010",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Smsot up to 2.12. It has been classified as critical. Affected is an unknown function of the file /api.php of the component HTTP POST Request Handler. The manipulation of the argument data[sign] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251556."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Smsot hasta 2.12. Ha sido clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /api.php del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento data[sign] conduce a la inyecci\u00f3n de SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-251556."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:smsot:smsot:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.12",
"matchCriteriaId": "1514F763-D93B-4C93-B607-27335A693E34"
}
]
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/3GznRo9vWRJ8",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.251556",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.251556",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-07xx/CVE-2024-0734.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0734",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-19T21:15:08.923",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T16:57:32.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Smsot up to 2.12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /get.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251557 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Smsot hasta 2.12. Ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del archivo /get.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento tid conduce a la inyecci\u00f3n de SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-251557."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:smsot:smsot:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.12",
"matchCriteriaId": "1514F763-D93B-4C93-B607-27335A693E34"
}
]
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/vo1KOw3EYmBK",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.251557",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.251557",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-07xx/CVE-2024-0738.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0738",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-19T22:15:07.997",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T15:13:41.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in ???? mldong 1.0. This issue affects the function ExpressionEngine of the file com/mldong/modules/wf/engine/model/DecisionModel.java. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251561 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada y clasificada como cr\u00edtica en mldong 1.0. Este problema afecta la funci\u00f3n ExpressionEngine del archivo com/mldong/modules/wf/engine/model/DecisionModel.java. La manipulaci\u00f3n conduce a la inyecci\u00f3n de c\u00f3digo. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-251561."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:garethhk:mldong:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8F29B2-5DEB-4CDF-8103-603DC94BF43B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/biantaibao/mldong_RCE/blob/main/RCE.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.251561",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.251561",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-07xx/CVE-2024-0739.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0739",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-19T22:15:08.217",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T15:44:57.530",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Hecheng Leadshop up to 1.4.20. Affected is an unknown function of the file /web/leadshop.php. The manipulation of the argument install leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251562 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Hecheng Leadshop hasta 1.4.20 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /web/leadshop.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento install conduce a la deserializaci\u00f3n. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-251562 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:leadshop:leadshop:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.4.0",
"versionEndIncluding": "1.4.20",
"matchCriteriaId": "873747E1-23AC-4CD5-BBE1-4293A478A1CF"
}
]
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/vLswXhWxUrs8",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.251562",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.251562",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

77
CVE-2024/CVE-2024-07xx/CVE-2024-0758.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2024-0758",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-19T21:15:09.600",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T17:00:10.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles.\n\n\n"
},
{
"lang": "es",
"value": "MolecularFaces anteriores a 0.3.0 son vulnerables a cross site scripting. Un atacante remoto puede ejecutar JavaScript arbitrario en el contexto del navegador de la v\u00edctima a trav\u00e9s de archivos mol manipulados."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -23,18 +60,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ipb-halle:molecularfaces:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.3.0",
"matchCriteriaId": "D088D106-C946-4483-BAB7-BDF8B4153563"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-2pwh-52h7-7j84",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/ipb-halle/MolecularFaces/security/advisories/GHSA-2pwh-52h7-7j84",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-2pwh-52h7-7j84",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

4
CVE-2024/CVE-2024-09xx/CVE-2024-0921.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0921",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T14:15:50.237",
"lastModified": "2024-01-26T14:15:50.237",
"vulnStatus": "Received",
"lastModified": "2024-01-26T16:33:07.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-09xx/CVE-2024-0922.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0922",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T14:15:50.527",
"lastModified": "2024-01-26T14:15:50.527",
"vulnStatus": "Received",
"lastModified": "2024-01-26T16:33:07.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-09xx/CVE-2024-0923.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0923",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T14:15:50.747",
"lastModified": "2024-01-26T14:15:50.747",
"vulnStatus": "Received",
"lastModified": "2024-01-26T16:33:07.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

88
CVE-2024/CVE-2024-09xx/CVE-2024-0924.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0924",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T15:15:08.537",
"lastModified": "2024-01-26T16:33:07.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function formSetPPTPServer. The manipulation of the argument startIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetPPTPServer.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252129",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252129",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-09xx/CVE-2024-0925.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0925",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T15:15:08.770",
"lastModified": "2024-01-26T16:33:07.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This vulnerability affects the function formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetVirtualSer.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252130",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252130",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-09xx/CVE-2024-0926.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0926",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T15:15:08.983",
"lastModified": "2024-01-26T16:33:07.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This issue affects the function formWifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252131. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formWifiWpsOOB.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252131",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252131",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-09xx/CVE-2024-0927.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0927",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T15:15:09.217",
"lastModified": "2024-01-26T16:33:07.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been classified as critical. Affected is the function fromAddressNat. The manipulation of the argument entrys/mitInterface/page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252132. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromAddressNat_1.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252132",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252132",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-09xx/CVE-2024-0928.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0928",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T16:15:21.707",
"lastModified": "2024-01-26T16:33:07.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been declared as critical. Affected by this vulnerability is the function fromDhcpListClient. The manipulation of the argument page/listN leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromDhcpListClient_1.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252133",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252133",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-09xx/CVE-2024-0929.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0929",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T16:15:22.020",
"lastModified": "2024-01-26T16:33:07.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been rated as critical. Affected by this issue is the function fromNatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromNatStaticSetting.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252134",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252134",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-09xx/CVE-2024-0930.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0930",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T16:15:22.287",
"lastModified": "2024-01-26T16:33:07.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252135. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromSetWirelessRepeat.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252135",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252135",
"source": "cna@vuldb.com"
}
]
}

55
CVE-2024/CVE-2024-219xx/CVE-2024-21985.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-21985",
"sourceIdentifier": "security-alert@netapp.com",
"published": "2024-01-26T16:15:22.597",
"lastModified": "2024-01-26T16:33:07.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 \nand 9.13.1P4 are susceptible to a vulnerability which could allow an \nauthenticated user with multiple remote accounts with differing roles to\n perform actions via REST API beyond their intended privilege. Possible \nactions include viewing limited configuration details and metrics or \nmodifying limited settings, some of which could result in a Denial of \nService (DoS).\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@netapp.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-alert@netapp.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240126-0001/",
"source": "security-alert@netapp.com"
}
]
}

20
CVE-2024/CVE-2024-225xx/CVE-2024-22550.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-22550",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-26T15:15:09.437",
"lastModified": "2024-01-26T16:33:07.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file."
}
],
"metrics": {},
"references": [
{
"url": "https://packetstormsecurity.com/files/176312/ShopSite-14.0-Cross-Site-Scripting.html",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-225xx/CVE-2024-22551.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-22551",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-26T15:15:09.490",
"lastModified": "2024-01-26T16:33:07.620",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "WhatACart v2.0.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /site/default/search."
}
],
"metrics": {},
"references": [
{
"url": "https://packetstormsecurity.com/files/176314/WhatACart-2.0.7-Cross-Site-Scripting.html",
"source": "cve@mitre.org"
}
]
}

8
CVE-2024/CVE-2024-232xx/CVE-2024-23206.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23206",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:10.840",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T16:15:22.890",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,10 @@
],
"metrics": {},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/27",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214055",
"source": "product-security@apple.com"

8
CVE-2024/CVE-2024-232xx/CVE-2024-23211.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23211",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.087",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T16:15:22.953",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,10 @@
],
"metrics": {},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/27",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214056",
"source": "product-security@apple.com"

8
CVE-2024/CVE-2024-232xx/CVE-2024-23213.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23213",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.183",
"lastModified": "2024-01-23T13:44:00.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T16:15:23.020",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,10 @@
],
"metrics": {},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/27",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214055",
"source": "product-security@apple.com"

8
CVE-2024/CVE-2024-232xx/CVE-2024-23222.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23222",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.500",
"lastModified": "2024-01-24T02:00:01.397",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T16:15:23.083",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2024-01-23",
"cisaActionDue": "2024-02-13",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@ -20,6 +20,10 @@
],
"metrics": {},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/27",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214055",
"source": "product-security@apple.com"

78
CVE-2024/CVE-2024-236xx/CVE-2024-23681.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2024-23681",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-19T21:15:10.207",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T15:08:04.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.\n\n\n"
},
{
"lang": "es",
"value": "Las versiones de Artemis Java Test Sandbox anteriores a 1.11.2 son vulnerables a un escape de la sandbox cuando un atacante carga librer\u00edas que no son de confianza utilizando System.load o System.loadLibrary. Un atacante puede abusar de este problema para ejecutar Java arbitrario cuando una v\u00edctima ejecuta el c\u00f3digo supuestamente aislado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -23,18 +60,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ls1intum:artemis_java_test_sandbox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.11.2",
"matchCriteriaId": "D02F9163-5CB9-4780-B35C-BFA6002078B7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-98hq-4wmw-98w9",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/ls1intum/Ares/security/advisories/GHSA-98hq-4wmw-98w9",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-98hq-4wmw-98w9",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
}
]
}

88
CVE-2024/CVE-2024-236xx/CVE-2024-23682.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2024-23682",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-19T21:15:10.273",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T15:08:33.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.\n\n\n"
},
{
"lang": "es",
"value": "Las versiones de Artemis Java Test Sandbox anteriores a 1.8.0 son vulnerables a un escape de la sandbox cuando un atacante incluye archivos de clase en un paquete en el que Ares conf\u00eda. Un atacante puede abusar de este problema para ejecutar Java arbitrario cuando una v\u00edctima ejecuta el c\u00f3digo supuestamente aislado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -27,26 +64,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ls1intum:artemis_java_test_sandbox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.8.0",
"matchCriteriaId": "12206DA2-20AE-4357-A395-4CB389485D00"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-227w-wv4j-67h4",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/ls1intum/Ares/issues/15",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/ls1intum/Ares/releases/tag/1.8.0",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/ls1intum/Ares/security/advisories/GHSA-227w-wv4j-67h4",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-227w-wv4j-67h4",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
}
]
}

95
CVE-2024/CVE-2024-236xx/CVE-2024-23683.json
View File

@ -2,39 +2,116 @@
"id": "CVE-2024-23683",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-19T21:15:10.340",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T15:17:29.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Las versiones de Artemis Java Test Sandbox inferiores a 1.7.6 son vulnerables a un escape de la sandbox cuando un atacante crea una subclase especial de InvocationTargetException. Un atacante puede abusar de este problema para ejecutar Java arbitrario cuando una v\u00edctima ejecuta el c\u00f3digo supuestamente aislado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ls1intum:artemis_java_test_sandbox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.6",
"matchCriteriaId": "147CDF80-6055-494C-8B01-74B48210DE43"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/advisories/GHSA-883x-6fch-6wjx",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/ls1intum/Ares/commit/af4f28a56e2fe600d8750b3b415352a0a3217392",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/ls1intum/Ares/issues/15#issuecomment-996449371",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/ls1intum/Ares/releases/tag/1.7.6",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/ls1intum/Ares/security/advisories/GHSA-883x-6fch-6wjx",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-883x-6fch-6wjx",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
}
]
}

96
CVE-2024/CVE-2024-236xx/CVE-2024-23687.json
View File

@ -2,35 +2,115 @@
"id": "CVE-2024-23687",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-19T22:15:08.517",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T16:54:13.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines.\n\n"
},
{
"lang": "es",
"value": "Las credenciales codificadas en las versiones FOLIO mod-data-export-spring anteriores a 1.5.4 y de 2.0.0 a 2.0.2 permiten a usuarios no autenticados acceder a API cr\u00edticas, modificar datos de usuario, modificar configuraciones, incluido el inicio de sesi\u00f3n \u00fanico, y manipular tarifas/multas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openlibraryfoundation:mod-data-export-spring:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.5.4",
"matchCriteriaId": "EF023FD8-0E0B-4208-BDB3-8F9F73A25B45"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openlibraryfoundation:mod-data-export-spring:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.0.2",
"matchCriteriaId": "AC95B1BE-9BE8-4C31-B57B-9E4E09E14745"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/advisories/GHSA-vf78-3q9f-92g3",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/folio-org/mod-data-export-spring/commit/93aff4566bff59e30f4121b5a2bda5b0b508a446",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/folio-org/mod-data-export-spring/security/advisories/GHSA-vf78-3q9f-92g3",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-vf78-3q9f-92g3",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://wiki.folio.org/x/hbMMBw",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-236xx/CVE-2024-23688.json
View File

@ -2,16 +2,53 @@
"id": "CVE-2024-23688",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-19T22:15:08.563",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T15:53:31.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed.\n\n"
},
{
"lang": "es",
"value": "Las versiones de Consensys Discovery inferiores a 0.4.5 utilizan el mismo nonce AES/GCM durante toda la sesi\u00f3n que idealmente deber\u00eda ser \u00fanico para cada mensaje. La clave privada del nodo no est\u00e1 comprometida, solo se expone la clave de sesi\u00f3n generada para una comunicaci\u00f3n entre pares espec\u00edfica."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-330"
}
]
},
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@ -23,18 +60,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:consensys:discovery:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.4.5",
"matchCriteriaId": "33F278C7-2BA2-400A-AB54-C1CC096B8D31"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ConsenSys/discovery/security/advisories/GHSA-w3hj-wr2q-x83g",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/advisories/GHSA-w3hj-wr2q-x83g",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-w3hj-wr2q-x83g",
"source": "disclosure@vulncheck.com"
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
]
}
]
}

74
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-26T15:00:24.884467+00:00
2024-01-26T17:00:35.248459+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-26T14:59:22.727000+00:00
2024-01-26T17:00:10.607000+00:00
```
### Last Data Feed Release
@ -29,47 +29,55 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
236917
236928
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `11`
* [CVE-2024-0921](CVE-2024/CVE-2024-09xx/CVE-2024-0921.json) (`2024-01-26T14:15:50.237`)
* [CVE-2024-0922](CVE-2024/CVE-2024-09xx/CVE-2024-0922.json) (`2024-01-26T14:15:50.527`)
* [CVE-2024-0923](CVE-2024/CVE-2024-09xx/CVE-2024-0923.json) (`2024-01-26T14:15:50.747`)
* [CVE-2023-6291](CVE-2023/CVE-2023-62xx/CVE-2023-6291.json) (`2024-01-26T15:15:08.280`)
* [CVE-2024-0924](CVE-2024/CVE-2024-09xx/CVE-2024-0924.json) (`2024-01-26T15:15:08.537`)
* [CVE-2024-0925](CVE-2024/CVE-2024-09xx/CVE-2024-0925.json) (`2024-01-26T15:15:08.770`)
* [CVE-2024-0926](CVE-2024/CVE-2024-09xx/CVE-2024-0926.json) (`2024-01-26T15:15:08.983`)
* [CVE-2024-0927](CVE-2024/CVE-2024-09xx/CVE-2024-0927.json) (`2024-01-26T15:15:09.217`)
* [CVE-2024-22550](CVE-2024/CVE-2024-225xx/CVE-2024-22550.json) (`2024-01-26T15:15:09.437`)
* [CVE-2024-22551](CVE-2024/CVE-2024-225xx/CVE-2024-22551.json) (`2024-01-26T15:15:09.490`)
* [CVE-2024-0928](CVE-2024/CVE-2024-09xx/CVE-2024-0928.json) (`2024-01-26T16:15:21.707`)
* [CVE-2024-0929](CVE-2024/CVE-2024-09xx/CVE-2024-0929.json) (`2024-01-26T16:15:22.020`)
* [CVE-2024-0930](CVE-2024/CVE-2024-09xx/CVE-2024-0930.json) (`2024-01-26T16:15:22.287`)
* [CVE-2024-21985](CVE-2024/CVE-2024-219xx/CVE-2024-21985.json) (`2024-01-26T16:15:22.597`)
### CVEs modified in the last Commit
Recently modified CVEs: `110`
Recently modified CVEs: `55`
* [CVE-2024-23857](CVE-2024/CVE-2024-238xx/CVE-2024-23857.json) (`2024-01-26T13:51:45.267`)
* [CVE-2024-23858](CVE-2024/CVE-2024-238xx/CVE-2024-23858.json) (`2024-01-26T13:51:45.267`)
* [CVE-2024-23859](CVE-2024/CVE-2024-238xx/CVE-2024-23859.json) (`2024-01-26T13:51:45.267`)
* [CVE-2024-23860](CVE-2024/CVE-2024-238xx/CVE-2024-23860.json) (`2024-01-26T13:51:45.267`)
* [CVE-2024-23861](CVE-2024/CVE-2024-238xx/CVE-2024-23861.json) (`2024-01-26T13:51:45.267`)
* [CVE-2024-23862](CVE-2024/CVE-2024-238xx/CVE-2024-23862.json) (`2024-01-26T13:51:45.267`)
* [CVE-2024-23863](CVE-2024/CVE-2024-238xx/CVE-2024-23863.json) (`2024-01-26T13:51:45.267`)
* [CVE-2024-23864](CVE-2024/CVE-2024-238xx/CVE-2024-23864.json) (`2024-01-26T13:51:45.267`)
* [CVE-2024-23865](CVE-2024/CVE-2024-238xx/CVE-2024-23865.json) (`2024-01-26T13:51:45.267`)
* [CVE-2024-23866](CVE-2024/CVE-2024-238xx/CVE-2024-23866.json) (`2024-01-26T13:51:45.267`)
* [CVE-2024-23867](CVE-2024/CVE-2024-238xx/CVE-2024-23867.json) (`2024-01-26T13:51:45.267`)
* [CVE-2024-23868](CVE-2024/CVE-2024-238xx/CVE-2024-23868.json) (`2024-01-26T13:51:45.267`)
* [CVE-2024-23869](CVE-2024/CVE-2024-238xx/CVE-2024-23869.json) (`2024-01-26T13:51:45.267`)
* [CVE-2024-23870](CVE-2024/CVE-2024-238xx/CVE-2024-23870.json) (`2024-01-26T13:51:45.267`)
* [CVE-2024-23871](CVE-2024/CVE-2024-238xx/CVE-2024-23871.json) (`2024-01-26T13:51:45.267`)
* [CVE-2024-23872](CVE-2024/CVE-2024-238xx/CVE-2024-23872.json) (`2024-01-26T13:51:45.267`)
* [CVE-2024-23873](CVE-2024/CVE-2024-238xx/CVE-2024-23873.json) (`2024-01-26T13:51:45.267`)
* [CVE-2024-23874](CVE-2024/CVE-2024-238xx/CVE-2024-23874.json) (`2024-01-26T13:51:45.267`)
* [CVE-2024-23875](CVE-2024/CVE-2024-238xx/CVE-2024-23875.json) (`2024-01-26T13:51:45.267`)
* [CVE-2024-22402](CVE-2024/CVE-2024-224xx/CVE-2024-22402.json) (`2024-01-26T14:11:30.677`)
* [CVE-2024-22404](CVE-2024/CVE-2024-224xx/CVE-2024-22404.json) (`2024-01-26T14:37:23.880`)
* [CVE-2024-22401](CVE-2024/CVE-2024-224xx/CVE-2024-22401.json) (`2024-01-26T14:42:35.147`)
* [CVE-2024-0737](CVE-2024/CVE-2024-07xx/CVE-2024-0737.json) (`2024-01-26T14:44:48.370`)
* [CVE-2024-23689](CVE-2024/CVE-2024-236xx/CVE-2024-23689.json) (`2024-01-26T14:50:45.023`)
* [CVE-2024-22212](CVE-2024/CVE-2024-222xx/CVE-2024-22212.json) (`2024-01-26T14:58:18.877`)
* [CVE-2023-22045](CVE-2023/CVE-2023-220xx/CVE-2023-22045.json) (`2024-01-26T16:04:45.867`)
* [CVE-2023-51925](CVE-2023/CVE-2023-519xx/CVE-2023-51925.json) (`2024-01-26T16:46:39.787`)
* [CVE-2023-26775](CVE-2023/CVE-2023-267xx/CVE-2023-26775.json) (`2024-01-26T16:46:58.970`)
* [CVE-2023-26776](CVE-2023/CVE-2023-267xx/CVE-2023-26776.json) (`2024-01-26T16:46:58.970`)
* [CVE-2023-22041](CVE-2023/CVE-2023-220xx/CVE-2023-22041.json) (`2024-01-26T16:48:25.717`)
* [CVE-2023-22036](CVE-2023/CVE-2023-220xx/CVE-2023-22036.json) (`2024-01-26T16:48:31.050`)
* [CVE-2023-22006](CVE-2023/CVE-2023-220xx/CVE-2023-22006.json) (`2024-01-26T16:48:39.380`)
* [CVE-2024-23681](CVE-2024/CVE-2024-236xx/CVE-2024-23681.json) (`2024-01-26T15:08:04.263`)
* [CVE-2024-23682](CVE-2024/CVE-2024-236xx/CVE-2024-23682.json) (`2024-01-26T15:08:33.007`)
* [CVE-2024-0738](CVE-2024/CVE-2024-07xx/CVE-2024-0738.json) (`2024-01-26T15:13:41.257`)
* [CVE-2024-23683](CVE-2024/CVE-2024-236xx/CVE-2024-23683.json) (`2024-01-26T15:17:29.350`)
* [CVE-2024-0739](CVE-2024/CVE-2024-07xx/CVE-2024-0739.json) (`2024-01-26T15:44:57.530`)
* [CVE-2024-23688](CVE-2024/CVE-2024-236xx/CVE-2024-23688.json) (`2024-01-26T15:53:31.397`)
* [CVE-2024-0713](CVE-2024/CVE-2024-07xx/CVE-2024-0713.json) (`2024-01-26T15:58:48.263`)
* [CVE-2024-0733](CVE-2024/CVE-2024-07xx/CVE-2024-0733.json) (`2024-01-26T16:03:13.010`)
* [CVE-2024-23206](CVE-2024/CVE-2024-232xx/CVE-2024-23206.json) (`2024-01-26T16:15:22.890`)
* [CVE-2024-23211](CVE-2024/CVE-2024-232xx/CVE-2024-23211.json) (`2024-01-26T16:15:22.953`)
* [CVE-2024-23213](CVE-2024/CVE-2024-232xx/CVE-2024-23213.json) (`2024-01-26T16:15:23.020`)
* [CVE-2024-23222](CVE-2024/CVE-2024-232xx/CVE-2024-23222.json) (`2024-01-26T16:15:23.083`)
* [CVE-2024-0921](CVE-2024/CVE-2024-09xx/CVE-2024-0921.json) (`2024-01-26T16:33:07.620`)
* [CVE-2024-0922](CVE-2024/CVE-2024-09xx/CVE-2024-0922.json) (`2024-01-26T16:33:07.620`)
* [CVE-2024-0923](CVE-2024/CVE-2024-09xx/CVE-2024-0923.json) (`2024-01-26T16:33:07.620`)
* [CVE-2024-23687](CVE-2024/CVE-2024-236xx/CVE-2024-23687.json) (`2024-01-26T16:54:13.900`)
* [CVE-2024-0734](CVE-2024/CVE-2024-07xx/CVE-2024-0734.json) (`2024-01-26T16:57:32.447`)
* [CVE-2024-0758](CVE-2024/CVE-2024-07xx/CVE-2024-0758.json) (`2024-01-26T17:00:10.607`)
## Download and Usage